You Can’t Just Walk Away from Subsidiary IT Risk

By CyCognito Staff
Rule Your Risk
May 22, 2020

If a product can help you evaluate third-party IT risk, it’s not a huge stretch to imagine that same product could help you assess the security risk of your subsidiaries. But many of the chief information security officers (CISOs) we talk to who have tried to apply a security ratings service to the challenge of monitoring their subsidiaries’ security tell us this approach really hasn’t worked for them. Here’s why:

There’s a big difference between your level of responsibility for a subsidiary owned by your parent company and for a third party you are considering doing business with.

Network connections with either can introduce your organization to risk, of course, but you can’t just walk away from the security issues of your subsidiaries the way you can from an independent vendor. Ultimately your organization has the responsibility for addressing the IT risks in your subsidiaries. Thus, you’re not just looking to score the level of risk at your subsidiaries, you are looking to remediate and manage issues.

Deep security expertise must be built into your subsidiary risk management approach.

Expertise that helps you prioritize the many exposures identified and guides subsidiary teams to quickly remediate those exposures. The lack of useful remediation guidance in security ratings products is perhaps the biggest complaint we hear from CISOs who have tried unsuccessfully to use a security ratings service to manage their subsidiary or corporate risk and are now looking for a better way to do it. A product that is built for managing subsidiary risk should be able to identify:

  • which attack surface assets in the subsidiary are most critical to protect
  • which assets will be most desirable to attackers
  • which paths into the attack surface attackers are most likely to exploit
  • precisely how and where subsidiary security teams can remediate any identified attack vectors

Many corporate IT security teams oversee subsidiary risk but do not have hands-on engagement. CISOs tell us that they prefer being able to identify the highest priority risks at their subsidiaries and then offer the subsidiary security teams detailed remediation guidance about how and where to eliminate those risks. That increases the effectiveness and efficiency of all their security teams and improves their overall security. 

Managing subsidiary risk is a matter of both scale and frequency. 

Many organizations grow by acquisition, so their attack surfaces are ever expanding, which presents additional overload for already over-burdened and finite corporate security teams. A product that is purpose-built for managing subsidiaries should include efficiencies that scale, with a process that works for one subsidiary — or a thousand. 

CISOs want an overall view of their security posture as an organization/conglomerate, as well as the detailed risk view of each subsidiary and the ability to track and report on the same. And monitoring subsidiary risk has to be an ongoing process that can easily absorb oversight of new subsidiaries and the ever-changing attack surfaces of each of them without substantial additional overhead.  

